fix(auth): ScadaBridge 1.2 review fixes — secret-test repoint, checklist, Scope guard, 0.1.1 pin

Joseph Doherty
2026-06-02 01:23:52 -04:00
parent ac34dac479
commit 4db8c373af
5 changed files with 44 additions and 19 deletions
@@ -61,14 +61,20 @@ public class ConfigSecretsTests
[Fact]
public void CentralConfig_LdapServiceAccountPassword_IsNotCommitted()
{
// Task 1.4 cutover: the LDAP service-account password moved out of the flat
// Security:LdapServiceAccountPassword key into the nested Security:Ldap
// sub-section (Security:Ldap:ServiceAccountPassword), bound to the shared
// ZB.MOM.WW.Auth LdapOptions. Walk into Security:Ldap and guard the nested
// key — checking the deleted flat key would pass vacuously.
var security = ScadaBridgeSection().GetProperty("Security");
if (security.TryGetProperty("LdapServiceAccountPassword", out var pw))
var ldap = security.GetProperty("Ldap");
if (ldap.TryGetProperty("ServiceAccountPassword", out var pw))
{
var value = pw.GetString() ?? string.Empty;
Assert.True(
value.Length == 0 || value.Contains('{') || value.Contains('$'),
$"appsettings.Central.json carries a plaintext LdapServiceAccountPassword '{value}'. " +
"Move it to an environment variable.");
$"appsettings.Central.json carries a plaintext Security:Ldap:ServiceAccountPassword '{value}'. " +
"Move it to an environment variable (ScadaBridge__Security__Ldap__ServiceAccountPassword).");
}
}
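Review bot: The new failure message still interpolates `'{value}'`, so when this guard trips, the plaintext service-account password is written into the test output and into whatever CI log or report retains it, which usually has a different audience and retention than the repository. Name the key without the value, e.g. `"appsettings.Central.json carries a plaintext Security:Ldap:ServiceAccountPassword. " +`. Separately, `ldap.TryGetProperty("ServiceAccountPassword", out var pw)` matches the name case-sensitively (the calls look like System.Text.Json's `JsonElement`), while .NET configuration keys bind case-insensitively. Assuming the file is loaded through the standard configuration binder, a differently cased key would reach LdapOptions without being checked here; enumerating the section's properties and comparing names with `StringComparison.OrdinalIgnoreCase` closes that gap. The placeholder test `value.Contains('{') || value.Contains('$')` on the unchanged line also accepts any real password that happens to contain either character, so it deserves a stricter pattern or at least a comment stating the limitation.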